So, What is Ansible?
Ansible is simply an Automation Tool, which handles automation of your IT infrastructure, like:
- Configuration management
- Multi-node orchestration
- Application deployment
- Ad-hoc task execution
- Network automation
- Provisioning
Few reasons that make Ansible my first choice:
- Ansible is a Push-based configuration management tool that makes it more powerful and different from other configuration management tools. It requires to setup a control node only, and you are good to push your configurations or deployments to any (or self) node configured in your inventory. sounds cleaner way to set up a node :)
- It is open source and free to use.
- CentOS and Ubuntu Linux is one of the choices for application deployments, and by default, Ansible is packaged to support a number of modules that are commonly used for managing the virtual machines.
- Ansible is backed by a strong developer community, so no need to worry if you are stuck, you will get help easily.
- Ansible offers a very high and seamless integration with leading cloud providers (AWS, Azure, GCP), different automation tools (like StackStorm), and various 3rd Party services.
- It is highly customizable based on your workflow requirements, with the ability to easily create new modules/sub-modules and plugins.
How to Setup?
Ansible is an agentless automation tool that you install on a control node. From the control node, Ansible manages machines and other devices remotely (by default, over the SSH protocol).
Ansible is supported on the majority of general-purpose Operating systems. A few of them are Linux (RHEL, CentOS, Fedora, Ubuntu, Debian, Arch), macOS, Windows...
There are several ways to install Ansible on your control node. If your OS supports a rich package manager that comes with Ansible binaries, go for it. If not, Ansible and its required binaries can be easily installed using python's widely used package management tool, pip
.
- Install pip on your control node (https://pip.pypa.io/en/stable/installation/)
- Install Ansible using pip
$ python -m pip install --user ansible
How Ansible Works?
Ansible works by connecting your control node to managed nodes and pushing out small programs, called "Ansible Modules" to them. Ansible then executes these modules (over SSH by default) and removes them when finished. The configuration of all the managed nodes can be done in the inventory file. Ansible even supports Jinja2 templating to enable dynamic expressions and access to variables and facts.
So How do we tell Ansible to execute these modules?
Executing an ad-hoc command
Write the flow of your configurations in an Ansible playbook. Ansible Playbook is a YAML file, in which you write ordered instructions for pushing your configurations; these instructions are nothing but writing the modules, which will be executed on the remote hosts.
Let's see an example in action:
Presumably, you have already installed Ansible on your control node, we will go through the process of running the Ansible playbooks step by step.
- Verify Ansible setup on Control Node
- Create the Managed node and configure the SSH keys
- Setup the standard Ansible directory on control Node
- Write a playbook
- Running your playbook
1. Verify Ansible setup on Control Node
The Ansible 'ping' module is a simple but useful tool for testing connectivity with a remote host. The module will attempt to connect to the remote, validate a usable 'python', and return 'pong' if successful.
~ ➜ ansible localhost -m ping
localhost | SUCCESS => {
"changed": false,
"ping": "pong"
}
2. Create a managed node and set up the SSH keys
We will bootstrap a minimal Ubuntu virtual machine, where we will setup the configurations using ansible. Additionally, we will setup the SSH keys to allow access to the managed node from your control node.
2.A Install multipass
Multipass is a lightweight VM manager, and we can launch Ubuntu instances using the multipass cli.
Installation Instructions: https://multipass.run
2.B Launching Multipass instance
~ ➜ #List available multipass instances
~ ➜ multipass find
Image Aliases Version Description
18.04 bionic 20220310 Ubuntu 18.04 LTS
20.04 focal,lts 20220308 Ubuntu 20.04 LTS
21.10 impish 20220309 Ubuntu 21.10
~ ➜ #Launch bionic instance with default configurations
~ ➜ multipass launch --name ubuntu-bionic bionic
Launched: ubuntu-bionic
2.C Copy SSH keys to ubuntu VM
~ ➜ #Generating SSH key pair
~ ➜ ssh-keygen -t rsa -N '' -f /tmp/ansiblekey <<< y
Generating public/private rsa key pair.
Your identification has been saved in /tmp/ansiblekey
Your public key has been saved in /tmp/ansiblekey.pub
The key fingerprint is:
SHA256: <random-chars> manojsh@192.168.54.24
~ ➜ #Copying public key to multipass instance
~ ➜ cat /tmp/ansiblekey.pub | multipass exec ubuntu-bionic -- tee -a .ssh/authorized_keys
2.D Verify SSH to multipass instance
~ ➜ #List Multipass instances
➜ Installs multipass ls
Name State IPv4 Image
ubuntu-bionic Running 192.168.215.15 Ubuntu 18.04 LTS
~ ➜ #SSH into multipass instance
➜ ssh -i /tmp/ansiblekey ubuntu@192.168.215.15
The authenticity of host '192.168.215.15 (192.168.215.15)' can not be established.
ED25519 key fingerprint is <random-chars>.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
ubuntu@ubuntu-bionic:~$
3. Setup the standard Ansible directory on control Node
3.A Create an AnsibleWorkspace
directory
~ ➜ #Create a directory where you can keep your playbooks, inventory and other required files.
~ ➜ mkdir AnsibleWorkspace
~ ➜ cd AnsibleWorkspace
AnsibleWorkspace ➜ ls -a
. ..
AnsibleWorkspace ➜
3.B Create ansible.cfg
file
'ansible.cfg' is a main configuration file that governs the behavior of all interactions performed by the control node.
~ ➜ #Generating default ansible config file with all properties disabled
AnsibleWorkspace ➜ ansible-config init --disabled > ansible.cfg
3.B Create inventory file
Ansible works against managed hosts that are configured in your inventory file as a list or group of lists. The default location for inventory is /etc/ansible/hosts
, but we can override this by updating path value of inventory
field in ansible.cfg
file. Let's first create an inventory file for our multipass ubuntu instance.
AnsibleWorkspace ➜ cat > ./inventory << EOL
[webservers]
nginxserver ansible_host=192.168.215.15 ansible_user=ubuntu
EOL
ansible_host
and ansible_user
values are nothing but the IPAddress and username of your configured multipass instance; using this info ansible will connect to the multipass instance via SSH.
Please read this official link to learn more about inventory file creation.
3.C Update inventory and ssh-key file path in 'ansible.cfg' file
Open the ansible.cfg file and set the following values under defaults section
[defaults]
inventory=./inventory
private_key_file=/tmp/ansiblekey
3.D Verify the Ansible Configuration
Since we have already configured inventory and private key path, we are good to verify connectivity with our multipass instance 'nginxserver'.
➜ AnsibleWorkspace ansible nginxserver -m ping
nginxserver | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
4. Write a playbook
Playbooks are the language by which Ansible orchestrates, configures, administers, or deploys systems.
Let's write a playbook to setup an Nginx server.
Create nginx-setup.yml
file in your AnsibleWorkspace
directory with tasks to install and start an Nginx server.
---
- hosts: nginxserver
become: yes
tasks:
- name: Install nginx latest version on host
apt:
name: nginx
state: latest
- name: Start nginx service
service:
name: nginx
state: started
Let's take a look at each and every part of your playbook file:
hosts: The name of the node or node-group configured in your inventory.
become: The become flag instructs ansible to connect as a root user.
tasks: tasks is a list of modules that we wish to run on the managed node in a specific order. Every task will include a 'name' field as well as a'module' with configurable arguments.
apt The apt module will install the newest version of Nginx using the standard Ubuntu apt package manager.
service service module controls services on managed node.
5. Running your playbook
Ansible is packaged with a set of binaries, We can run an ansible playbook using the ansible-playbook
command.
AnsibleWorkspace ➜ ansible-playbook nginx-setup.yaml
PLAY [nginxserver] **************************************************************
TASK [Gathering Facts] **************************************************************
ok: [nginxserver]
TASK [Install nginx latest version on host] **************************************************************
changed: [nginxserver]
TASK [Start nginx service] **************************************************************
changed: [nginxserver]
PLAY RECAP **************************************************************
nginxserver : ok=2 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Playbook executed without any error, and we can see it has installed and started nginx service. Now, let's verify the output, go to http://192.168.215.15 (multipass instance ip, default port 80) in your browser.
Final Words
Ansible is a straightforward yet powerful automation solution for automating your IT infrastructure. It can manage modest to large-scale systems. We can use ad-hoc commands to meet simple demands or construct complicated playbooks to set up a multi-node orchestration.
Resources to learn more about ansible:
Top comments (1)
Really one of the best way I found to go and start with Ansible.
Kudos @manojshr